GH-693: use pcap_dump_open_append where supported

cmake

@@ -1 +1 @@
-Subproject commit 4d1990f0e4c273cf51ec52278add6ff256f9c889
+Subproject commit ed6c3e341408c2469093c40969354c4fb1ebce99

src/iosource/pcap/Dumper.cc

@@ -68,11 +68,15 @@ void PcapDumper::Open()
 
 	else
 		{
+#ifdef HAVE_PCAP_DUMP_OPEN_APPEND
+		dumper = pcap_dump_open_append(pd, props.path.c_str());
+#else
 		// Old file and we need to append, which, unfortunately,
 		// is not supported by libpcap. So, we have to hack a
-		// little bit, knowing that pcap_dumpter_t is, in fact,
+		// little bit, knowing that pcap_dumper_t is, in fact,
 		// a FILE ... :-(
 		dumper = (pcap_dumper_t*)fopen(props.path.c_str(), "a");
+#endif
 		if ( ! dumper )
 			{
 			Error(util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno)));

testing/btest/bifs/dump_current_packet.zeek

@@ -5,6 +5,10 @@
 # @TEST-EXEC: btest-diff 1.hex
 # @TEST-EXEC: btest-diff 2.hex
 
+# Run the same test a second time, which will try to write to an
+# existing file and shouldn't crash a sanitizer build.
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
+
 # Note that the hex output will contain global pcap header information,
 # including Zeek's snaplen setting (so maybe check that out in the case
 # you are reading this message due to this test failing in the future).

zeek-config.h.in

@@ -49,6 +49,9 @@
 /* Define if you have the <pcap-int.h> header file. */
 #cmakedefine HAVE_PCAP_INT_H
 
+/* Define if libpcap supports pcap_dump_open_append(). */
+#cmakedefine HAVE_PCAP_DUMP_OPEN_APPEND
+
 /* line editing & history powers */
 #cmakedefine HAVE_READLINE